# Copyright (c) 2019, 2021, Oracle and/or its affiliates.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License, version 2.0, as published by the
# Free Software Foundation.
#
# This program is also distributed with certain software (including but not
# limited to OpenSSL) that is licensed under separate terms, as designated in a
# particular file or component or in included license documentation. The
# authors of MySQL hereby grant you an additional permission to link the
# program and your derivative works with the separately licensed software that
# they have included with MySQL.
#
# Without limiting anything contained in the foregoing, this file, which is
# part of MySQL Connector/J, is also subject to the Universal FOSS Exception,
# version 1.0, a copy of which can be found at
# http://oss.oracle.com/licenses/universal-foss-exception.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License, version 2.0,
# for more details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA

# Mandatory TLS Ciphers
TLSCiphers.Mandatory=\
    ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\
    ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,\
    ECDHE_RSA_WITH_AES_128_GCM_SHA256

# Approved TLS Ciphers
TLSCiphers.Approved=\
    AES_128_GCM_SHA256,\
    AES_256_GCM_SHA384,\
    CHACHA20_POLY1305_SHA256,\
    AES_128_CCM_SHA256,\
    AES_128_CCM_8_SHA256,\
    ECDHE_RSA_WITH_AES_256_GCM_SHA384,\
    DHE_RSA_WITH_AES_128_GCM_SHA256,\
    DHE_DSS_WITH_AES_128_GCM_SHA256,\
    DHE_DSS_WITH_AES_256_GCM_SHA384,\
    DHE_RSA_WITH_AES_256_GCM_SHA384,\
    ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,\
    ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,\
    ECDHE_ECDSA_WITH_AES_256_CCM,\
    ECDHE_ECDSA_WITH_AES_128_CCM,\
    DHE_RSA_WITH_AES_256_CCM,\
    DHE_RSA_WITH_AES_128_CCM,\
    DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,\
    ECDHE_ECDSA_WITH_AES_256_CCM_8,\
    ECDHE_ECDSA_WITH_AES_128_CCM_8,\
    DHE_RSA_WITH_AES_256_CCM_8,\
    DHE_RSA_WITH_AES_128_CCM_8

# Deprecated TLS Ciphers
TLSCiphers.Deprecated=\
    ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\
    ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
    ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,\
    ECDHE_RSA_WITH_AES_256_CBC_SHA384,\
    DHE_DSS_WITH_AES_128_CBC_SHA256,\
    DHE_DSS_WITH_AES_256_CBC_SHA256,\
    DHE_RSA_WITH_AES_256_CBC_SHA256,\
    DHE_RSA_WITH_AES_128_CBC_SHA256,\
    DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,\
    DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,\
    ECDHE_RSA_WITH_AES_128_CBC_SHA,\
    ECDHE_ECDSA_WITH_AES_128_CBC_SHA,\
    ECDHE_RSA_WITH_AES_256_CBC_SHA,\
    ECDHE_ECDSA_WITH_AES_256_CBC_SHA,\
    DHE_DSS_WITH_AES_128_CBC_SHA,\
    DHE_RSA_WITH_AES_128_CBC_SHA,\
    DHE_RSA_WITH_AES_256_CBC_SHA,\
    DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,\
    RSA_WITH_CAMELLIA_128_CBC_SHA,\
    DH_RSA_WITH_AES_128_CBC_SHA256,\
    ECDH_ECDSA_WITH_AES_128_CBC_SHA256,\
    ECDH_RSA_WITH_AES_128_CBC_SHA256,\
    DH_RSA_WITH_AES_256_CBC_SHA256,\
    ECDH_RSA_WITH_AES_256_CBC_SHA384,\
    DH_DSS_WITH_AES_128_CBC_SHA256,\
    ECDH_ECDSA_WITH_AES_256_CBC_SHA384,\
    DH_DSS_WITH_AES_128_CBC_SHA,\
    ECDH_ECDSA_WITH_AES_128_CBC_SHA,\
    DH_DSS_WITH_AES_256_CBC_SHA,\
    ECDH_ECDSA_WITH_AES_256_CBC_SHA,\
    DH_DSS_WITH_AES_256_CBC_SHA256,\
    DH_RSA_WITH_AES_128_CBC_SHA,\
    ECDH_RSA_WITH_AES_128_CBC_SHA,\
    DH_RSA_WITH_AES_256_CBC_SHA,\
    ECDH_RSA_WITH_AES_256_CBC_SHA,\
    RSA_WITH_AES_128_GCM_SHA256,\
    RSA_WITH_AES_128_CCM,\
    RSA_WITH_AES_128_CCM_8,\
    RSA_WITH_AES_256_GCM_SHA384,\
    RSA_WITH_AES_256_CCM,\
    RSA_WITH_AES_256_CCM_8,\
    RSA_WITH_AES_128_CBC_SHA256,\
    RSA_WITH_AES_256_CBC_SHA256,\
    RSA_WITH_AES_128_CBC_SHA,\
    RSA_WITH_AES_256_CBC_SHA,\
    RSA_WITH_CAMELLIA_256_CBC_SHA,\
    RSA_WITH_CAMELLIA_128_CBC_SHA,\
    DH_DSS_WITH_AES_128_GCM_SHA256,\
    ECDH_ECDSA_WITH_AES_128_GCM_SHA256,\
    DH_DSS_WITH_AES_256_GCM_SHA384,\
    ECDH_ECDSA_WITH_AES_256_GCM_SHA384,\
    DH_RSA_WITH_AES_128_GCM_SHA256,\
    ECDH_RSA_WITH_AES_128_GCM_SHA256,\
    DH_RSA_WITH_AES_256_GCM_SHA384,\
    ECDH_RSA_WITH_AES_256_GCM_SHA384,\
    DH_DSS_WITH_3DES_EDE_CBC_SHA,\
    DH_RSA_WITH_3DES_EDE_CBC_SHA,\
    DHE_DSS_WITH_3DES_EDE_CBC_SHA,\
    DHE_RSA_WITH_3DES_EDE_CBC_SHA,\
    ECDH_RSA_WITH_3DES_EDE_CBC_SHA,\
    ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,\
    ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,\
    ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,\
    RSA_WITH_3DES_EDE_CBC_SHA

# Unacceptable TLS Ciphers
TLSCiphers.Unacceptable.Mask=_ANON_,_NULL_,_EXPORT,_MD5,_DES,_RC2_,_RC4_,_PSK_
